To add or modify a Domain Controller:
- In the WebUI, click the Settings tab.
- In the left navigation pane, go to Auth and Directory Services > Active Directory > Domain Controllers.
Figure: Domain Controllers Table
Modifying Domain Controller Properties
- Click the expand icon next to the entry you wish to modify.
- Edit the entry properties as required; see the field definitions below.
Adding a Domain Controller
Click the Add Domain Controller icon at the top of the Domain Controllers Table page.
Figure: Create Domain Controller
Domain Controller - Field Definitions
Domain Controller Address
Specifies an IP address or Fully Qualified Domain Name (FQDN) of the Domain Controller. Valid entries include IPv4 address, IPv6 address, or FQDN.
Specifies the type of domain controller, either Authentication, Call Route, or On Premise.
- Authentication. Authenticates user log-ins.
- Call Route. Supplies call routing information.
- On Premise. Notifies AD that it will be looking up On Premise; this enables the user to enter data to narrow the search scope, and allows the proper user records to be retrieved quickly from the AD server.
Specifies the tree location in Active Directory to use as the starting point for search queries or authentication requests.
Applies a filter to the Search Scope to limit the number of active directory users included in the cache. This field applies only when Call Route is selected from DC Type.
Wildcards are not recommended anywhere except at the end of the LDAP query string.
NOTE: This field applies to Release 5.0.2 and later.
Sets the LDAP timeout, which is used to query the external Domain Controller during cache refreshes and other activity. At any point, if the Domain Controller does not respond within the timeout period, the current operation is aborted and an alarm is raised. This value should be adjusted only when it has been determined that timeouts are occurring.
Valid entry: 5 to 15 seconds.
If a timeout is encountered during an AD cache refresh, the SBC attempts to load the cache for that DC from the backup file representing the last successful cache refresh. If successful, the partial cache collected prior to the timeout is discarded since it contains incomplete records. The AD Cache Status field is updated to Backup (in the Domain Controller Status window) and an alarm is still sent to inform the administrator that a timeout was encountered.
If the SBC is unable to load the cache from the last backup (no backup file present), the partial information collected thus far will be retained, and in this case, the SBC will not have a complete set of records. The AD Cache Status field is updated to Incomplete (in the Domain Controller Status window). See Managing Domain Controllers.
Specifies the username (BindDN) to use for querying the Active Directory. The user name must be either the sAMAccountName or the UPN.
Specifies a new password (BindPW) to use for querying the Active Directory.
Specifies the priority ranking of the domain controller for Active Directory queries and is based on domain controller type.
Specifies the order in which the AD queries the domain controllers. Both authentication and call routing domain controllers start at priority 1 (highest) and both may have priority 1.
For Authentication DCs: Only the Priority 1 DC is used unless the DC is down (in this case Priority 2 DC is used).
For Call Route DCs: All DCs are queried in the order of configured priority, until a successful result is obtained.
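A pre-flight check for the field rules above, written as an added example (not vendor code): it validates the address type, the 5 to 15 second timeout, the bind username form, and wildcard placement in the LDAP query before an entry is typed into the WebUI. The dictionary keys and the sample entry are constructed for illustration, and the sAMAccountName limits used (20 characters, reserved characters) are Active Directory's rules rather than something stated on this page.

```python
import ipaddress
import re

# One DNS label: 1-63 letters, digits or hyphens, no hyphen at either end.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Characters AD rejects in a sAMAccountName; reused as a cautious UPN-prefix check.
_SAM_BAD = set('"/\\[]:;|=,+*?<>')
# Constructed sample entry; the key names are hypothetical, not the product's API.
SAMPLE = {"address": "dc01.corp.example.com", "dc_type": "Call Route",
          "timeout": 10, "username": "svc-sbc@corp.example.com",
          "ldap_query": "(&(objectClass=user)(telephoneNumber=+1510*))"}

def address_kind(addr):
    """Return 'IPv4', 'IPv6' or 'FQDN', or None if addr is none of them."""
    try:
        return "IPv%d" % ipaddress.ip_address(addr).version
    except ValueError:
        labels = addr.rstrip(".").split(".")
    ok = (len(addr) <= 253 and len(labels) >= 2 and not labels[-1].isdigit()
          and all(_LABEL.match(label) for label in labels))
    return "FQDN" if ok else None

def bind_name_kind(name):
    """Return 'UPN' or 'sAMAccountName'; None for a DN or DOMAIN\\user form."""
    user, at, domain = name.partition("@")
    if at:
        ok = user and domain and "@" not in domain and not set(user) & _SAM_BAD
        return "UPN" if ok else None
    ok = 0 < len(name) <= 20 and not set(name) & _SAM_BAD
    return "sAMAccountName" if ok else None

def misplaced_wildcards(ldap_filter):
    """Return the filter values that contain '*' before their last character."""
    values = re.findall(r"=([^()]*)\)", ldap_filter)
    return [v for v in values if "*" in v[:-1]]

def check_entry(e):
    """Return a list of problems for one DC entry; an empty list means it passes."""
    problems = []
    if address_kind(e["address"]) is None:
        problems.append("address: not an IPv4 address, IPv6 address or FQDN")
    if not 5 <= e["timeout"] <= 15:
        problems.append("timeout: outside 5 to 15 seconds")
    if bind_name_kind(e["username"]) is None:
        problems.append("username: not a sAMAccountName or UPN")
    if e["dc_type"] == "Call Route" and misplaced_wildcards(e["ldap_query"]):
        problems.append("ldap_query: wildcard before the end of a value")
    return problems
```

The wildcard check is applied only to Call Route entries, matching the scope of the LDAP query field described above.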